WordPress plugins or themes that leverage the genericons package are vulnerable to DOM-based Cross-Site Scripting (XSS) due to an insecure file included with genericons.

The JetPack plugin and the TwentyFifteen theme (installed by default) were found to be vulnerable. The exact count is difficult to grasp, but both the plugin and the theme are default installs in millions of WordPress installs.

The main issue here is the genericons package, so any plugin that makes use of this package is potentially vulnerable if it includes the example.html file that comes with the package.

Can Online Gambling Ever Be Fully Safe?
What surprises those outside the online gambling industry is not the prevalence of corruption, but the fact that so much of the industry is actually very safe. Low start-up costs and the lure of fast money will attract some rogue operators. It is possible to start a casino for as little as $100k, and many who try this end up going broke. However, the industry does police itself, and reputations are at a premium, meaning the vast majority of gamblers are safe.
Here are the key issues faced by today’s online gamblers – […]

New technologies such as Google Glass and IPv6 will lead to new, deadly forms of cyber attack if current manufacturing security practices continue, according to experts from Europol, Trend Micro and The International Cyber Security Protection Alliance (ICSPA).

The experts made the warning in a recently published Scenarios for the Future of Cyber Crime white paper. The paper explored what threats the experts expect to emerge in the next six and a half years and is the result of collaborative research between law enforcement, academia, governments and industry.

Medical implants, cars and critical infrastructure such as gas pipelines could be at risk from cyber attacks by the end of the decade.

Explosive growth in the number of devices connected to the internet will open up new threats to people and infrastructure, a study backed by police and businesses claims.

The study, carried out by Europol’s European Cybercrime Centre, along with the International Cyber Security Protection Alliance (ICSPA) – a body which brings together law enforcement organisations and technology companies – predicts a huge growth in virtual reality technologies.

People will use augmented reality spectacles or contact lenses to download information as […]

Cybersecurity firm Kaspersky Lab said Thursday that it’s discovered a group of “cyber-mercenaries” called “Icefog”. Target: government and military institutions.

Most of the victims have been in South Korea and Japan. But the Icefog campaign is coming to an American company near you, Kaspersky Lab security analysts said during the 4th Annual Billington Cybersecurity Summit in Washington DC today.

Icefog is an advanced persistent threat, or APT in cyber security parlance. Only, they’re different than the usual APT. These skilled high tech adversaries tend to gun for high-profile victims and stealthily infiltrate computer systems to snoop or steal valuable […]

A recent technology discussed in the realm of internet security is madware (mobile adware). The primary question is whether or not it is a legitimate threat to security or simply a terrible inconvenience. Adware on mobile devices is more noticeable than adware on traditional computers because the viewing screens are significantly smaller. While the same number of ads may be displayed, it is more overwhelming on smaller mobile screens.

Madware is a Growing Problem

There is no denying that the amount of advertising seen on mobile devices has skyrocketed over the past several years. One recent study noted the number of apps […]

In today’s world we would not dream of letting our kids walk to school by themselves. But when it comes to online safety, are we being as safe as we should be?

A video from the Child Exploitation and Online Protection Centre in the U.K., which has over 90k shares on Facebook, drives the message home about what information kids put up on the internet and draws similarities between posting an online profile on a social media website and placing a large sign in the front garden of your house announcing details to the cyber stalkers and cyberbullies in the area.

US intelligence carried out 231 offensive cyber-ops in 2011, nearly three-quarters of them against key targets such as Iran, Russia, China and N. Korea, as well as nuclear proliferation, a classified report obtained by The Washington Post says.

The “most challenging targets” also include suspected terrorists “in Afghanistan, Pakistan, Yemen, Iraq, Somalia, and other extremist safe havens,” according to one list of priorities. US budget documents describe the attacks as “active defense.”

Some cyber-operations reportedly feature what one budget document calls “field operations” organized “to physically place hardware implants or software modifications” with the help of CIA operatives or clandestine military forces.

Schools are giving students the tools to explore the web as early as fifth grade. But they also have to teach the kids how dangerous it can be.

“It’s complicated parenting, but we can’t deny that is where our world is going,” said Ali Marchilden of Burlington.

Teachers and parents are taking on the brunt of the task.

“We teach students about appropriate behavior in school on the playground, on the bus walking back, back-and-forth to school. We really need to start talking about what is appropriate Internet behavior,” said Donna McAllister of the Vt. Department of Education.

Edward Snowden successfully assumed the electronic identities of top NSA officials to access some of the secret National Security Agency documents he leaked, Richard Esposito, Matthew Cole and Robert Windrem of NBC News report.

“Every day, they are learning how brilliant was,” a former U.S. official with knowledge of the case told NBC. “This is why you don’t hire brilliant people for jobs like this. You hire smart people. Brilliant people get you in trouble.”

The 30-year-old’s role as a “system administrator” meant that he was able to access NSAnet, the agency’s intranet, using those user profiles and without leaving any […]